Move websites/tools to modules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
commit: 4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree: aaf812414f91d6b695a7507265e7572de8dc477c /modules/private/websites/tools/peertube
parent: f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download: Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip
1 files changed, 179 insertions, 0 deletions
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
new file mode 100644
index 0000000..dee1b81
--- /dev/null
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -0,0 +1,179 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  env = myconfig.env.tools.peertube;
+  cfg = config.myServices.websites.tools.peertube;
+  pcfg = config.services.peertube;
+in {
+  options.myServices.websites.tools.peertube = {
+    enable = lib.mkEnableOption "enable Peertube's website";
+  };
+  config = lib.mkIf cfg.enable {
+    services.peertube = {
+      enable = true;
+      configFile = "/var/secrets/webapps/tools-peertube";
+      package = pkgs.webapps.peertube.override { ldap = true; };
+    };
+    users.users.peertube.extraGroups = [ "keys" ];
+    secrets.keys = [{
+      dest = "webapps/tools-peertube";
+      user = "peertube";
+      group = "peertube";
+      permissions = "0640";
+      text = ''
+        listen:
+          hostname: 'localhost'
+          port: ${env.listenPort}
+        webserver:
+          https: true
+          hostname: 'peertube.immae.eu'
+          port: 443
+        trust_proxy:
+          - 'loopback'
+        database:
+          hostname: '${env.postgresql.socket}'
+          port: 5432
+          suffix: '_prod'
+          username: '${env.postgresql.user}'
+          password: '${env.postgresql.password}'
+          pool:
+            max: 5
+        redis:
+          socket: '${env.redis.socket}'
+          auth: null
+          db: ${env.redis.db_index}
+        ldap:
+          enable: true
+          ldap_only: false
+          url: ldaps://${env.ldap.host}/${env.ldap.base}
+          bind_dn: ${env.ldap.dn}
+          bind_password: ${env.ldap.password}
+          base: ${env.ldap.base}
+          mail_entry: "mail"
+          user_filter: "${env.ldap.filter}"
+        smtp:
+          transport: sendmail
+          sendmail: '/run/wrappers/bin/sendmail'
+          hostname: null
+          port: 465 # If you use StartTLS: 587
+          username: null
+          password: null
+          tls: true # If you use StartTLS: false
+          disable_starttls: false
+          ca_file: null # Used for self signed certificates
+          from_address: 'peertube@tools.immae.eu'
+        storage:
+          tmp: '${pcfg.dataDir}/storage/tmp/'
+          avatars: '${pcfg.dataDir}/storage/avatars/'
+          videos: '${pcfg.dataDir}/storage/videos/'
+          redundancy: '${pcfg.dataDir}/storage/videos/'
+          logs: '${pcfg.dataDir}/storage/logs/'
+          previews: '${pcfg.dataDir}/storage/previews/'
+          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
+          torrents: '${pcfg.dataDir}/storage/torrents/'
+          captions: '${pcfg.dataDir}/storage/captions/'
+          cache: '${pcfg.dataDir}/storage/cache/'
+        log:
+          level: 'info'
+        search:
+          remote_uri:
+            users: true
+            anonymous: false
+        trending:
+          videos:
+            interval_days: 7
+        redundancy:
+          videos:
+            check_interval: '1 hour' # How often you want to check new videos to cache
+            strategies: # Just uncomment strategies you want
+        # Following are saved in local-production.json
+        cache:
+          previews:
+            size: 500 # Max number of previews you want to cache
+          captions:
+            size: 500 # Max number of video captions/subtitles you want to cache
+        admin:
+          email: 'peertube@tools.immae.eu'
+        contact_form:
+          enabled: true
+        signup:
+          enabled: false
+          limit: 10
+          requires_email_verification: false
+          filters:
+            cidr:
+              whitelist: []
+              blacklist: []
+        user:
+          video_quota: -1
+          video_quota_daily: -1
+        transcoding:
+          enabled: false
+          allow_additional_extensions: true
+          threads: 1
+          resolutions:
+            240p: false
+            360p: false
+            480p: true
+            720p: true
+            1080p: true
+          hls:
+            enabled: false
+        import:
+          videos:
+            http:
+              enabled: true
+            torrent:
+              enabled: false
+        instance:
+          name: 'Immae&#x2019;s PeerTube'
+          short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
+          description: '''
+          terms: '''
+          default_client_route: '/videos/trending'
+          default_nsfw_policy: 'blur'
+          customizations:
+            javascript: '''
+            css: '''
+          robots: |
+            User-agent: *
+            Disallow:
+          securitytxt:
+            "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
+        services:
+          # You can provide a reporting endpoint for Content Security Policy violations
+          csp-logger:
+          twitter:
+            username: '@_immae'
+            whitelisted: false
+        '';
+    }];
+    services.websites.tools.modules = [
+      "headers" "proxy" "proxy_http" "proxy_wstunnel"
+    ];
+    services.websites.tools.vhostConfs.peertube = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "peertube.immae.eu" ];
+      root        = null;
+      extraConfig = [ ''
+          RewriteEngine On
+          RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
+          RewriteCond %{QUERY_STRING} transport=websocket    [NC]
+          RewriteRule /(.*)           ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+          RewriteCond %{REQUEST_URI}  ^/tracker/socket       [NC]
+          RewriteRule /(.*)           ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+          ProxyPass /        http://localhost:${env.listenPort}/
+          ProxyPassReverse / http://localhost:${env.listenPort}/
+          ProxyPreserveHost On
+          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+      '' ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
commit	4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree	aaf812414f91d6b695a7507265e7572de8dc477c /modules/private/websites/tools/peertube
parent	f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download	Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip

diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix new file mode 100644 index 0000000..dee1b81 --- /dev/null +++ b/modules/private/websites/tools/peertube/default.nix
@@ -0,0 +1,179 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	env = myconfig.env.tools.peertube;
	4	cfg = config.myServices.websites.tools.peertube;
	5	pcfg = config.services.peertube;
	6	in {
	7	options.myServices.websites.tools.peertube = {
	8	enable = lib.mkEnableOption "enable Peertube's website";
	9	};
	10
	11	config = lib.mkIf cfg.enable {
	12	services.peertube = {
	13	enable = true;
	14	configFile = "/var/secrets/webapps/tools-peertube";
	15	package = pkgs.webapps.peertube.override { ldap = true; };
	16	};
	17	users.users.peertube.extraGroups = [ "keys" ];
	18
	19	secrets.keys = [{
	20	dest = "webapps/tools-peertube";
	21	user = "peertube";
	22	group = "peertube";
	23	permissions = "0640";
	24	text = ''
	25	listen:
	26	hostname: 'localhost'
	27	port: ${env.listenPort}
	28	webserver:
	29	https: true
	30	hostname: 'peertube.immae.eu'
	31	port: 443
	32	trust_proxy:
	33	- 'loopback'
	34	database:
	35	hostname: '${env.postgresql.socket}'
	36	port: 5432
	37	suffix: '_prod'
	38	username: '${env.postgresql.user}'
	39	password: '${env.postgresql.password}'
	40	pool:
	41	max: 5
	42	redis:
	43	socket: '${env.redis.socket}'
	44	auth: null
	45	db: ${env.redis.db_index}
	46	ldap:
	47	enable: true
	48	ldap_only: false
	49	url: ldaps://${env.ldap.host}/${env.ldap.base}
	50	bind_dn: ${env.ldap.dn}
	51	bind_password: ${env.ldap.password}
	52	base: ${env.ldap.base}
	53	mail_entry: "mail"
	54	user_filter: "${env.ldap.filter}"
	55	smtp:
	56	transport: sendmail
	57	sendmail: '/run/wrappers/bin/sendmail'
	58	hostname: null
	59	port: 465 # If you use StartTLS: 587
	60	username: null
	61	password: null
	62	tls: true # If you use StartTLS: false
	63	disable_starttls: false
	64	ca_file: null # Used for self signed certificates
	65	from_address: 'peertube@tools.immae.eu'
	66	storage:
	67	tmp: '${pcfg.dataDir}/storage/tmp/'
	68	avatars: '${pcfg.dataDir}/storage/avatars/'
	69	videos: '${pcfg.dataDir}/storage/videos/'
	70	redundancy: '${pcfg.dataDir}/storage/videos/'
	71	logs: '${pcfg.dataDir}/storage/logs/'
	72	previews: '${pcfg.dataDir}/storage/previews/'
	73	thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
	74	torrents: '${pcfg.dataDir}/storage/torrents/'
	75	captions: '${pcfg.dataDir}/storage/captions/'
	76	cache: '${pcfg.dataDir}/storage/cache/'
	77	log:
	78	level: 'info'
	79	search:
	80	remote_uri:
	81	users: true
	82	anonymous: false
	83	trending:
	84	videos:
	85	interval_days: 7
	86	redundancy:
	87	videos:
	88	check_interval: '1 hour' # How often you want to check new videos to cache
	89	strategies: # Just uncomment strategies you want
	90	# Following are saved in local-production.json
	91	cache:
	92	previews:
	93	size: 500 # Max number of previews you want to cache
	94	captions:
	95	size: 500 # Max number of video captions/subtitles you want to cache
	96	admin:
	97	email: 'peertube@tools.immae.eu'
	98	contact_form:
	99	enabled: true
	100	signup:
	101	enabled: false
	102	limit: 10
	103	requires_email_verification: false
	104	filters:
	105	cidr:
	106	whitelist: []
	107	blacklist: []
	108	user:
	109	video_quota: -1
	110	video_quota_daily: -1
	111	transcoding:
	112	enabled: false
	113	allow_additional_extensions: true
	114	threads: 1
	115	resolutions:
	116	240p: false
	117	360p: false
	118	480p: true
	119	720p: true
	120	1080p: true
	121	hls:
	122	enabled: false
	123	import:
	124	videos:
	125	http:
	126	enabled: true
	127	torrent:
	128	enabled: false
	129	instance:
	130	name: 'Immae’s PeerTube'
	131	short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
	132	description: '''
	133	terms: '''
	134	default_client_route: '/videos/trending'
	135	default_nsfw_policy: 'blur'
	136	customizations:
	137	javascript: '''
	138	css: '''
	139	robots: \|
	140	User-agent: *
	141	Disallow:
	142	securitytxt:
	143	"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
	144	services:
	145	# You can provide a reporting endpoint for Content Security Policy violations
	146	csp-logger:
	147	twitter:
	148	username: '@_immae'
	149	whitelisted: false
	150	'';
	151	}];
	152
	153	services.websites.tools.modules = [
	154	"headers" "proxy" "proxy_http" "proxy_wstunnel"
	155	];
	156	services.websites.tools.vhostConfs.peertube = {
	157	certName = "eldiron";
	158	addToCerts = true;
	159	hosts = [ "peertube.immae.eu" ];
	160	root = null;
	161	extraConfig = [ ''
	162	RewriteEngine On
	163
	164	RewriteCond %{REQUEST_URI} ^/socket.io [NC]
	165	RewriteCond %{QUERY_STRING} transport=websocket [NC]
	166	RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
	167
	168	RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
	169	RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
	170
	171	ProxyPass / http://localhost:${env.listenPort}/
	172	ProxyPassReverse / http://localhost:${env.listenPort}/
	173
	174	ProxyPreserveHost On
	175	RequestHeader set X-Real-IP %{REMOTE_ADDR}s
	176	'' ];
	177	};
	178	};
	179	}